This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed

On Mar 26, 2006, at 10:22 PM, David Blacka wrote:

>> Rather than going into that detail, I propose that we choose the
>> path of simplicity and eliminate the delegation-only requirement.

> I'm not sure that is the simplest path. A seemingly great number
> of questions about how opt-in works are essentially answered with
> "that can't happen because it is delegation-only". Like, for
> instance, can you opt out the zone apex (no) ? can you opt-out a
> wildcard (no) ? So we would have to replace "delegations only"
> with a possible more complex set of rules.

Besides, the delegation only requirement the result of endless and
heated debates about the change in the security model that we had
when opt-in first came to the table.

I prefer we do not try to relive that era.

> I.e., by issuing a query for possible-delegation/IN/NS to the parent.

Would querying for a DS at that parent work? I would think that that
would be the regular fall back when trying to build a chain of trust?


Olaf M. Kolkman
NLnet Labs

content-type: application/pgp-signature; x-mac-type=70674453;
content-description: This is a digitally signed message part
content-disposition: inline; filename=PGP.sig
content-transfer-encoding: 7bit

Version: GnuPG v1.4.1 (Darwin)
Comment: This message is locally signed.



to unsubscribe send a message to with
the word 'unsubscribe' in a single line as the message text body.